REMARKS

The examiner is thanked for the performance of a thorough search. By this amendment, 
Claims X, X, X and X have been amended. Claims 15-17 are canceled. Claims 18-35 are new. 
Hence, Claims 1-14 and 18-35 are pending in the application. The amendments to the claims as 
indicated herein do not add any new matter to this application. Furthermore, amendments made 
to the claims as indicated herein have been made to exclusively improve readability and clarity 
of the claims and not for the purpose of overcoming alleged prior art. Each issue raised in the 
Office Action mailed February 15, 2006 is addressed hereinafter. 
I. ISSUES RELATING TO PRIOR ART 

A. CLAIMS 1-5— MEYER I 

Claims 1-5 stand rejected under 35 U.S.C. §102(b) as allegedly anticipated by Meyer et 
al. US Publication 2002/0145976 ("Meyer I"). The rejection is respectfully traversed. 

A rejection under §102 is traversed if the claims recite one or more features, elements, 
steps or limitations that are not found in the cited reference. Stated another way, the cited 
reference must teach or disclose each and every feature of the claims, arranged as in the claims. 
See Connell v. Sears, Roebuck & Co., 722 F.2d 1542, 1548, 220 USPQ 193, 198 (Fed. Cir. 
1983). The claims of the present application contain features not found in the reference, and 
therefore the rejection is overcome. 

The Office action contends that Meyer I shows the subject matter of claims 1-5 at 
paragraphs 0040-0060. This is incorrect for at least two reasons: 

1. Meyer Does Not Provide Responsive Action Only When the TCP Re-transmission
Buffer is Empty. Original claim 1 provided for incrementing a false duplicate
ACK counter when the TCP re-transmission buffer maintained by the receiver is empty. Present
claim 1 clarifies that the responsive action of claim 1 — sending a corrective ACK message — also
occurs only when the TCP re-transmission buffer is empty. In contrast, Meyer I does not provide
a counter of false duplicate ACKs — Meyer I counts all duplicate ACKs — and Meyer I responds
whenever a duplicate-ACK count is reached, regardless of the state of the re-transmission buffer.
Meyer I does not test whether the re-transmission buffer is empty.

Indeed, Meyer I teaches away from the claimed invention by describing retransmitting 
the oldest unacknowledged segment when the ACK count threshold is exceeded. (See FIG. 1, 
step S5 and [0045].) A re-transmitted segment necessarily comes from the re-transmission 
buffer. Meyer I could not perform such a retransmission if the buffer was empty, and Meyer I 
provides no hint about what to do in that situation. Meyer I does not even describe the same 
problem as Applicants — namely, how to prevent attacks on TCP systems arising from the 
intentional or malicious transmission or injection of false duplicate ACK segments. 

Because Meyer I does not test whether the re-transmission buffer is empty, and does not 
perform an action only when the buffer is empty, Meyer I does not anticipate claim 1. 

2. Meyer Does Not Send a Corrective ACK Message. Original claim 1 recites 
"sending a corrective ACK message that provides a correct sequence value and ACK value" in 
response to determining that a false duplicate ACK count is exceeded. In contrast, Meyer I 
provides only for re-transmitting a segment from the re-transmission buffer. A TCP data 
segment is not an ACK segment. A re-transmitted segment as in Meyer I is not a corrective 
ACK message as claimed, and the Office Action does not cite a particular paragraph of Meyer I 
that allegedly provides a corrective ACK segment. Sending re-transmissions as in Meyer I will 
not solve the problem that Applicants address in the specification and solve in claim 1. 

For at least the foregoing reasons, claim 1 has at least one feature not found in Meyer I. 
Therefore, an anticipation rejection of claim 1 is not supported in Meyer I. Claims 2-5 depend 
from claim 1 and include the features described above by dependency. Therefore, Meyer I does 
not anticipate claims 2-5 for the same reasons set forth above for claim 1. Reconsideration is
respectfully requested.
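
The distinction drawn in section A, as an added C sketch that is not part of the filed remarks or of the application: duplicate ACKs are counted as false only while the re-transmission buffer is empty, and exceeding that count yields a corrective ACK rather than a retransmission. The struct, the function names and both thresholds are assumptions made here for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed thresholds: the remarks give no numbers. */
#define DUPACK_THRESHOLD       3
#define FALSE_DUPACK_THRESHOLD 3

enum action { ACT_NONE, ACT_RETRANSMIT, ACT_CORRECTIVE_ACK };
struct conn {                 /* hypothetical per-connection state */
    uint32_t snd_una;         /* oldest unacknowledged sequence value */
    uint32_t snd_nxt;         /* next sequence value to send */
    uint32_t rcv_nxt;         /* next sequence value expected from the peer */
    unsigned dupacks;         /* duplicates seen while data is outstanding */
    unsigned false_dupacks;   /* duplicates seen while nothing is outstanding */
};
struct ack_out { uint32_t seq, ack; };

/* Serial-number comparison, so the logic survives 32-bit wraparound. */
static bool seq_gt(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }
/* The buffer is empty when everything sent has been acknowledged. */
static bool rtx_empty(const struct conn *c) { return c->snd_una == c->snd_nxt; }

enum action on_pure_ack(struct conn *c, uint32_t ack_no, struct ack_out *out)
{
    if (seq_gt(ack_no, c->snd_una) && !seq_gt(ack_no, c->snd_nxt)) {
        c->snd_una = ack_no;                 /* new data acknowledged */
        c->dupacks = c->false_dupacks = 0;
        return ACT_NONE;
    }
    if (ack_no != c->snd_una)
        return ACT_NONE;                     /* stale or out of window: ignore */
    if (!rtx_empty(c)) {                     /* a real loss is possible */
        if (++c->dupacks < DUPACK_THRESHOLD) return ACT_NONE;
        c->dupacks = 0;
        return ACT_RETRANSMIT;               /* oldest unacknowledged segment */
    }
    /* Nothing is outstanding, so no segment can be lost: count as false. */
    if (++c->false_dupacks <= FALSE_DUPACK_THRESHOLD) return ACT_NONE;
    c->false_dupacks = 0;
    out->seq = c->snd_nxt;                   /* correct sequence value */
    out->ack = c->rcv_nxt;                   /* correct ACK value */
    return ACT_CORRECTIVE_ACK;
}

int main(void)
{
    struct conn idle = { 1000, 1000, 5000, 0, 0 };   /* constructed sample state */
    struct ack_out out = { 0, 0 };
    for (int i = 1; i <= 4; i++)
        printf("dup %d -> action %d\n", i, on_pure_ack(&idle, 1000, &out));
    return 0;
}
```

The retransmit branch corresponds to the behaviour the remarks attribute to Meyer I; the final branch is the only one that consults the empty-buffer test.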

B. CLAIMS 6-17— MEYER I AND MEYER II

Claims 6-17 stand rejected under 35 U.S.C. §103 as allegedly unpatentable over Meyer I 
in view of Meyer et al. US Publication 2003/0191844 ("Meyer II"). The rejection is respectfully 
traversed. 

A rejection under §103 must provide the complete claimed subject matter from one or 
more prior art references. Claims 6 and 7 depend from claim 1. Claims 15-17 are canceled, but 
new claims 18-20 recite similar subject matter and all features described above for claim 1. 
Claim 1 includes at least two features not found in Meyer I as stated above, and Meyer II does 
not cure the deficiencies of Meyer I that are described above. Further, the Office Action does 
not rely on Meyer II to "fill gaps" of Meyer I relating to claim 1. Therefore, any combination of
Meyer I with Meyer II cannot provide the complete subject matter recited in claim 1 or any 
dependent claim. Accordingly, claims 6, 7, and 18-20 are allowable over Meyer I and Meyer II. 

Regarding claims 6-7, the Office Action contends that Meyer I provides "receiving the 
corrective ACK message" as "a segment is retransmitted ..." This is incorrect. Re-transmitting 
a data segment from the re-transmission buffer is not the same as sending a corrective ACK 
message as claimed. The Office Action's motivation to combine is also misplaced. The Office
Action contends that a skilled artisan "would have been motivated by the suggestion of Meyer II 
to avoid unnecessary retransmissions and reduce the burstiness of the transmissions" (citing 
Meyer II [0011]). However, Applicants' disclosure is concerned with attack prevention, not
avoiding retransmissions or addressing bursts. Therefore, a skilled artisan seeking to solve the
same problem as Applicants would not, based on the cited part of Meyer II, think to combine
Meyer II with Meyer I.

Claims 8-14 recite special processing that is performed in response to segments that have
sequence numbers too far outside an expected range. In particular, claims 8-14 recite that "if the 
sequence value gap is too large, then performing the steps of: creating and sending a dummy 
segment carrying a particular sequence value that is just prior to a last properly acknowledged 
sequence value; receiving an acknowledgment of the dummy segment; determining whether a 
second sequence value carried in the acknowledgment is less than a third sequence value of the 
first TCP segment; and discarding the particular TCP segment from the re-assembly buffer when 
the second sequence value carried in the acknowledgment is less than the third sequence value of 
the particular TCP segment." (The preceding claim subject matter is termed the dummy 
segment features hereinafter.) 

Regarding claims 8-17, the Office Action contends that the dummy segment features are 
found in Meyer II at paragraphs [0039] to [0060]. This is incorrect. Meyer II describes 
discarding packets that have a sequence number that is out of range at [0039], last sentence. At 
[0063], Meyer II also describes retaining retransmitted packets even when a large sequence gap 
is detected and simply requesting the sender to send missing intervening retransmissions. In the 
claimed approach, a received segment with a sequence number reflecting a large gap is 
temporarily held in the buffer, but removed if a dummy segment is sent and another gap is 
detected, indicating spurious transmissions. Those claim features are completely absent from the 
logic of FIG. 4 of Meyer II and all related description. 

Meyer II describes sending status messages triggered by erroneous retransmissions 
([0044]), but does not teach the particular dummy segment that is claimed or the subsequent tests 
of a second and third sequence value as claimed. However, the status messages of Meyer II are 
not triggered by out-of-range sequence numbers. Sending status messages in Meyer II is an 
attempt to deal with erroneous retransmissions that fail to fill a previously detected sequence
number gap, not a response to a sequence value gap that is too large. 

Thus, with respect to large sequence value gaps, Meyer II merely describes dropping an 
offending segment ([0022]) or permanently retaining a segment (FIG. 4, [0063]). Meyer II does 
not send a dummy segment in an attempt to determine if proper data or spurious data was sent. 
On the one hand, Meyer II does nothing to address the fact that sequence gaps may occur when 
packets of a trusted sender have been dropped, so that a segment with a sequence number gap 
actually may be valid. Instead, Meyer II simply drops all packets with gaps. On the other hand, 
Meyer II also does nothing to address the fact that a packet received at FIG. 4, step 3b ([0063])
could be spurious data from an attacker — Meyer II accepts such segments and simply requests 
allegedly missing retransmissions from the sender. 

In contrast, claim 8 provides for a far more intelligent approach in which a segment 
reflecting a gap is discarded only after sending a dummy segment and determining, from a 
response to the dummy segment, that the prior segment was spurious. For at least these reasons, 
Meyer II does not describe or suggest the subject matter of claim 8. 

Claims 9-14 depend from claim 8 and recite all the features of claim 8 that are described 
above. Therefore, the references do not teach or suggest the subject matter of claims 9-14 for the 
same reasons given above. Reconsideration is respectfully requested. 
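
The dummy segment features quoted in section B, as an added C sketch that is not part of the filed remarks or of the application. It assumes that the sequence value carried in the acknowledgment is the peer's own current sequence number; `MAX_SEQ_GAP` and every name in the code are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SEQ_GAP 65535u   /* assumed limit; the claim only says "too large" */

enum verdict { RX_NORMAL, RX_HOLD_AND_PROBE, RX_DISCARD_HELD, RX_KEEP_HELD };

struct rx_state {            /* hypothetical receiver state */
    uint32_t rcv_nxt;        /* next in-order sequence value expected from the peer */
    uint32_t last_acked;     /* last of our sequence values properly acknowledged */
    bool     holding;        /* a suspect segment is parked in the re-assembly buffer */
    uint32_t held_seq;       /* sequence value of that parked segment */
};

/* Serial-number comparison, so the checks survive 32-bit wraparound. */
static bool seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Segment arrives: park it and request a dummy segment if the gap is too large. */
enum verdict on_segment(struct rx_state *s, uint32_t seg_seq, uint32_t *dummy_seq)
{
    if (seq_lt(seg_seq, s->rcv_nxt) || seg_seq - s->rcv_nxt <= MAX_SEQ_GAP)
        return RX_NORMAL;                  /* ordinary re-assembly path */
    s->holding = true;
    s->held_seq = seg_seq;
    *dummy_seq = s->last_acked - 1;        /* just prior to last acknowledged value */
    return RX_HOLD_AND_PROBE;
}

/* Acknowledgment of the dummy arrives, carrying the peer's sequence value. */
enum verdict on_dummy_ack(struct rx_state *s, uint32_t peer_seq)
{
    if (!s->holding)
        return RX_NORMAL;
    s->holding = false;
    /* Peer has not sent as far as the parked segment claims: treat as spurious. */
    return seq_lt(peer_seq, s->held_seq) ? RX_DISCARD_HELD : RX_KEEP_HELD;
}

int main(void)
{
    struct rx_state s = { 10000, 500, false, 0 };    /* constructed sample state */
    uint32_t dummy = 0;
    printf("%d\n", on_segment(&s, 210000, &dummy));  /* hold and probe */
    printf("%d\n", on_dummy_ack(&s, 10000));         /* discard the held segment */
    return 0;
}
```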

C. NEW CLAIMS 18-35 

New claims 18-35 generally have the same scope as claims 1-14, but are presented in 
different claim formats. Claims 18-20 correspond to claim 1 but are presented in apparatus 
format and computer-readable-medium format. Claims 28-29 correspond to claim 8 but are 
presented in apparatus format. Claims 21-27 and 30-35 correspond to the dependent claims 
described above. Thus, new claims 18-35 are allowable for the same reasons given above for
claims 1-14. Favorable consideration is respectfully requested.
II. CONCLUSIONS & MISCELLANEOUS

For the reasons set forth above, all of the pending claims are now in condition for 
allowance. The Examiner is respectfully requested to contact the undersigned by telephone 
relating to any issue that would advance examination of the present application. 

A petition for extension of time, to the extent necessary to make this reply timely filed, is 
hereby made. If applicable, a law firm check for the petition for extension of time fee is enclosed 
herewith. If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to charge any applicable fees and to credit any
overpayments to our Deposit Account No. 50-1302. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: May 15, 2006 



Christopher J. Palermo 
Reg. No. 42,056 




2055 Gateway Place Suite 550 
San Jose, California 95110-1093 
Telephone No.: (408) 414-1080x202 
Facsimile No.: (408) 414-1076